Read More About

Trustwave, a leading provider of information security and compliance solutions, today published the Trustwave 2012 Global Security Report[4], a reflection and analysis of investigations, research, and client engagements conducted in 2011.

The report’s findings are based on more than 300 data breach investigations and 2,000 penetration tests performed worldwide last year by SpiderLabs[5], the advanced security team within Trustwave focused on forensics, ethical hacking, and application security testing.

For the second year in a row, findings show the food and beverage industry is the top target for cybercriminals. Additionally, industries with franchise models are most at risk in 2012: more than a third of Trustwave SpiderLabs 2011 investigations occurred in a franchise business.

The report[4] also releases surprising findings about the most common password used by global businesses and the riskiest time of day to open an email attachment.

“This year, we performed 42 percent more investigations of breaches and attacks and assembled the most thorough study on business password practices in the industry to-date. The data we have gathered highlights security trends and risks that must be addressed in 2012.”

Key Report Findings

What do cybercriminals want? Customer records remain a valuable target for attackers, making up nearly 90 percent of breached data investigated. While trade secrets or intellectual property followed at a distant 6 percent, highly targeted attacks remain a growing concern, as their success rate is extremely high.

Data breach investigations are on the rise: Trustwave performed 42 percent more investigations in 2011 than in the previous year, conducting more than 300 data breach investigations in 18 countries worldwide. The increase in investigations can be attributed to an increase in targeted, sophisticated attacks resulting in breaches, as well as an increase in investigations in the Asia-Pacific region.

The food and beverage industry remains the top target: For the second year, the food and beverage industry made up the highest percentage of investigations in 2011 at nearly 44 percent.

Franchises and chain stores beware: Trustwave found that industries with franchise and chain store models are the top cyber targets primarily because franchises often use the same IT systems across stores. If a cyber criminal can crack the system in one location, they likely can duplicate the attack in multiple locations. More than a third of 2011 investigations occurred in a franchise business and this number is expected to rise in 2012.

Global businesses have a password problem: Despite headlines regarding data breaches due to poor password practices, global businesses are still allowing employees and system administrators to use weak passwords. Analyzing the usage and weakness trends of more than 2 million business passwords, Trustwave found that the most common password used by global businesses is "Password1" because it satisfies the default Microsoft Active Directory complexity setting.

Careful when you open that attachment: 8 a.m. and 9 a.m. (EST, U.S.) is the most likely time for email sent with a malicious attachment.

Self-detection of attacks and breaches is dismal: Self-detection of compromises decreased in 2011 and only 16 percent of victimized organizations were able to detect the breach themselves. The remaining 84 percent relied on information reported to them by an external entity: regulatory, law enforcement, or public. In those cases in which an external entity was necessary for detection, analysis found that attackers had an average of 173.5 days within the victim’s environment before detection occurred.

Law enforcement steps up its cybersecurity game: The good news for organizations is that the effectiveness of law enforcement to detect breaches increased almost five-fold in 2011. Thirty-three percent of organizations that reported a breach were notified by law enforcement, compared to just seven percent the previous year. This increase can almost be exclusively attributed to work performed by groups such as the United States Secret Service, Interpol, Australian Federal Police and UK’s Serious Organised Crime Agency.

Top Strategic Security Recommendations for 2012

To improve security posture, Trustwave recommends six focus areas for organizations in 2012:

Education of Employees: The best intrusion detection systems are neither security experts nor expensive technology, but employees. Security awareness education for employees is often the first line of defense.

Identification of Users: Focus on achieving a state where every user-initiated action in your environment is identifiable and tagged to a specific person.

Homogenization of Hardware and Software: Fragmentation of enterprises’ computing platforms is an enemy to security. Reducing fragmentation through standardization of hardware and software, and decommissioning old systems, will create a more homogenous environment that is easier to manage, maintain and secure.

Registration of Assets: A complete inventory or registry of valid assets can provide the insight needed to identify malware or a malicious attack.

Unification of Activity Logs: Combining the physical world with the digital affords organizations with new ways to combine activities and logs to identify security events more quickly.

“Any organization can be a target, but as detailed in our report findings, those most susceptible are businesses that maintain customer records or that consumers frequent most, such as restaurants, retail stores, and hotels,” Percoco says. “We advise organizations review our strategic recommendations for 2012 and take steps toward employing better security across their organizations.”